From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 1685 invoked by alias); 10 Jun 2014 20:56:40 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 1548 invoked by uid 89); 10 Jun 2014 20:56:39 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: plane.gmane.org Received: from plane.gmane.org (HELO plane.gmane.org) (80.91.229.3) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Tue, 10 Jun 2014 20:56:37 +0000 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1WuT5s-0002CN-LB for cygwin@cygwin.com; Tue, 10 Jun 2014 22:56:32 +0200 Received: from sirwa.org ([69.66.29.45]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Jun 2014 22:56:32 +0200 Received: from rvicker by sirwa.org with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 10 Jun 2014 22:56:32 +0200 To: cygwin@cygwin.com From: "Roger Vicker, CCP" Subject: Re: CYGWIN - As admin setup other users SSH for them? Date: Tue, 10 Jun 2014 20:56:00 -0000 Message-ID: References: <5390204E.2050300@etr-usa.com> Reply-To: rvicker@vicker.com Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666 In-Reply-To: <5390204E.2050300@etr-usa.com> X-IsSubscribed: yes X-SW-Source: 2014-06/txt/msg00130.txt.bz2 On 6/5/2014 2:46 AM, Warren Young arranged the binary bits such that: > On 6/4/2014 16:05, Roger Vicker, CCP wrote: >> 3) deliver the private key to the user along with the rest of the >> instructions on how to use it in the provided apps. > How were you planning on delivering these sensitive private keys? Via > insecure email, perhaps? These particular users are barely computer literate so I would be copying the private keys directly to their Android devices and setting up the apps that need to use SSH as a tunnel to connect to their server side apps. > Use ssh as it was designed: have the users generate their own local > keypairs, and have them email the public key to you. The words we use > here mean something. The *public* key goes out over the public link, > and the *private* key stays at home. > I know security. That is why we are implementing SSH with keys to further secure a remote protocol. VPN is not as practical given the level of the users, the specific remote devices and app. > It's not like the commands are difficult. They set up a local Cygwin, > add the openssh package, then say: > > $ ssh-keygen > ...press Enter a bunch of times... > $ cat ~/.ssh/id_rsa.pub > /dev/clipboard > ...compose email to rvicker, paste > >> With out their passwords I can't login to establish their $home >> directory structure, > Take a look at /etc/profile, starting at line 75. See the stuff about > /etc/skel? That's how the user's home directory gets set up. Nothing > magic here. You could cut those couple-dozen lines into a new script > and tweak it for your purposes. > > The only trick is that if you do all this as administrator, you'll > have to say something like > > # chown -R otheruser.otheruser ~otheruser > > after you get done setting up the user's home directory. > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple